Anastassios Nanos delivered an insightful presentation at OpenInfra Days Hungary, in Budapest, earlier this June, highlighting the innovative capabilities of the Kata Containers project. The talk focused on the project’s advancements, particularly the introduction and maturity of the Rust runtimes, alongside the Go version of the runtime, and demonstrated how the Kata team is leveraging these technologies to enhance the performance and security of serverless workloads. As a first-time Architecture Committee member since April 2024, Dr Nanos presented the current status of the project, and how the team at Nubificus & Nubis is using kata-containers to sandbox serverless workloads, while exposing hardware acceleration capabilities by integrating vAccel to the container runtime.
Kata Containers Project Overview: Dr Nanos began by providing an overview of the Kata Containers project, an open-source initiative that integrates lightweight virtual machines (VMs) to enhance the security and isolation of containerized applications. He explained how Kata Containers combine the speed and flexibility of containers with the robust security features of VMs, making them an ideal solution for modern cloud-native applications.
Go and Rust Runtimes: A significant portion of the presentation was dedicated to the dual support for Go and Rust runtimes within Kata Containers. Dr Nanos detailed the journey from the initial Go runtime to the introduction of the Rust runtime, emphasizing the performance and safety benefits of Rust. He discussed the efforts to achieve feature parity between the two runtimes, enabling users to choose the runtime that best suits their needs without sacrificing functionality or performance.
Sandboxing Serverless Workloads: Dr Nanos illustrated how Kata Containers are being used to sandbox serverless workloads, a growing trend in cloud computing. He explained that by using Kata Containers, the team can provide strong isolation for serverless functions, ensuring that workloads are securely sandboxed and isolated from one another. This approach not only enhances security but also improves the reliability and stability of serverless environments.
vAccel Integration: One of the standout points of the talk was the integration of vAccel with Kata Containers. Dr Nanos explained how vAccel allows the exposure of hardware acceleration functionalities to sandboxed containers, significantly boosting the performance of compute-intensive tasks. This integration enables developers to take full advantage of hardware acceleration within a secure and isolated environment, paving the way for more efficient and powerful applications.
Looking Ahead: Dr Nanos concluded his presentation with a look ahead to the future of Kata Containers, including the anticipated release of Kata Containers 4.0. He highlighted ongoing efforts to further unify the Go and Rust runtimes and to expand the project’s capabilities to meet the evolving needs of the cloud-native ecosystem.
The presentation at OpenInfra Days Hungary underscored the Kata Containers project’s commitment to innovation and security in containerized environments. With its robust feature set and continued development, Kata Containers is poised to play a crucial role in the future of cloud-native infrastructure.
For more information about the Kata Containers project, visit katacontainers.io. All demos presented are available online at github.
Many thanks to the OpenInfra Foundation for hosting Dr Nanos, as well as to DESIRE6G and MLSysOps for supporting the development of most of the work presented.
Nubificus LTD proudly presents the latest release of the vAccel framework.
vAccel v0.6.0 is available, as well as a hot fix followup for x86_64, aarch64, and armv7l architectures, with the essential binaries for users to get started.
A major addition to our previous release is Torch support. Users are now able to run inference on Torch models seamlessly, on local and remote targets (CPU/GPU etc.). A short screencast is available to see Torch with vAccel in action!
vAccel v0.6 includes updated helper functions for easier argument definition (exec), as well as enhanced CI and testing support.
A fun addition was native Golang bindings! Users can now natively interact with Go programs and enjoy hardware acceleration from simple web services! Golang bindings helped a lot with our Knative integration!
vAccel v0.6 offers updated API remoting functionality over generic sockets, supporting AF_VSOCK and AF_INET, enabling local and remote execution over the network. AF_VSOCK support is also updated with a streaming optimization, to reduce the amount of memory allocated by the gRPC transport layer.
This iteration’s update also contains important bug fixes and performance optimizations. For the list of changes, see the RELEASE notes.
The individual components are packaged as binary artifacts or deb packages for users to install them directly. For a list of the binary components please visit vAccel’s documentation page.
The core vAccel library is open-source, available on github.
The roadmap for v0.7 contains enhanced Torch support, OpenCV-native bindings, a C++-based transport layer, the move to the meson build system, and more!
vAccel enables workloads to enjoy hardware acceleration while running on environments that do not have direct (physical) access to acceleration devices. With a slim design and precise abstractions, vAccel semantically exposes hardware acceleration features to users with little to no knowledge of software acceleration framework internals.
vAccel integrates with container runtimes such as kata-containers. v0.6 brings updated support for kata-containers v3.X, both for the Go and Rust runtimes, so deploying an application that requires hardware acceleration in a sandboxed container in k8s is now possible without complicated hardware setups!
Serverless computing workflows are now able to enjoy compute-offload mechanisms to provide AI/ML services as functions, triggered thousands or millions of times by events, on-demand, auto-scaling to multiple physical and virtual nodes, without the need to directly attach a hardware device to the instance. This functionality is enabled through vAccel’s virtualization backends, enabling the execution of hardware-accelerated functions on Virtual Machines. Support for numerous hypervisors is available, including AWS Firecracker, QEMU/KVM, Cloud Hypervisor, and Dragonball, the stock hypervisor of kata-containers! See the relevant documentation on how to run an example on a VM.
End-users can get a sneak peek at what vAccel has to offer on the project’s website, on github, or by browsing through the available documentation. To get started, follow the Quick start guide.
FOSDEM 2024 was a blast! Our team was there presenting our work around unikernels, and their interaction with the cloud-native world.
The first presentation took place in the Containers devroom, where we described the challenges of securing containers within VM or microVM sandboxes and the complexities of resource optimization on physical nodes. We presented urunc, a CRI-compatible container runtime spawning unikernels packaged in OCI images. The talk highlighted urunc’s internals, covering hypervisor support, network and storage handling, and integration with high-level orchestration frameworks like Kubernetes, while also addressing network setup implications when combining unikernels and generic containers in a k8s context.
In the Microkernel devroom, we continued our exploration of unikernels with a focus on modularity. The team presented bunny, a novel build system aimed at simplifying the Unikernel building process. bunny adopts a layered approach, making use of the modular aspect of Unikernels. Each component represents a distinct layer, eliminating the need for users to manually build dependencies. This approach allows for the creation of minimal and specialized Unikernel images tailored for individual applications.
These presentations highlight our commitment to simplify and optimize application delivery in diverse, heterogeneous infrastructure, providing valuable insights into security and system optimization in the evolving landscape of container technology.
Find below the slides and video recordings of the presentations, along with links to the devrooms full schedule.
FOSDEM
FOSDEM stands for “Free and Open Source Software Developers’ European Meeting.” It is one of the largest gatherings of open-source developers and enthusiasts in the world. FOSDEM is an annual event that takes place in ULB Solbosch Campus, Brussels, Belgium, typically in late January or early February.
The conference provides a platform for developers, contributors, and users of free and open-source software to come together, share knowledge, collaborate on projects, and discuss the latest developments in the open-source community. FOSDEM is known for its diverse range of talks, developer rooms, and stands, covering a wide array of topics related to open-source software, including programming languages, operating systems, security, networking, and more.
FOSDEM is a free event, organized by volunteers, and it attracts participants from around the globe. The conference aims to foster collaboration and promote the principles of free and open-source software within the technology community.
Although statistics are not out yet, getting into the talks this year was harder than ever. Rooms were filling up even 30 minutes before the scheduled talks. As an indication, almost 855 events were recorded and are being transcoded to be available for online viewing. Our estimation is that there were almost 10000 people in ULB.
The SERRANO H2020 research project, a collaborative effort led by ICCS’ High Speed Communication Networks Lab, successfully concludes, marking a significant breakthrough in various aspects of cloud- and edge-based computing technologies. The project aimed to introduce a novel ecosystem spanning from application deployment software components to systems software enabling the use of specialized hardware resources.
One of the key achievements of the SERRANO project is the work carried out by Nubificus LTD in enabling interoperable hardware acceleration using vAccel. Nubificus LTD played a pivotal role in developing and implementing solutions that allow seamless interoperability among diverse hardware resources, contributing to enhanced performance and efficiency in Cloud and Edge computing.
Furthermore, Nubificus LTD has been instrumental in facilitating the deployment of applications in Cloud and Edge environments through the integration of secure and efficient container runtimes. Through the development of urunc, an open-source, lightweight container runtime that spawns unikernels as generic containers, Nubificus LTD paved the path for seamless application deployment at the Edge, maintaining security standards and efficiency across various computing environments.
SERRANO’s ambitious goal of transforming distributed edge, cloud, and HPC resources into a single borderless infrastructure has been realized through the efforts of all partners. The project has not only closed existing technology gaps but has also set the stage for advanced infrastructures capable of meeting the stringent requirements of future applications and services.
ICT-40-2020 SERRANO Project (H2020 GA No 101017168): Transparent Application Deployment in a Secure, Accelerated and Cognitive Cloud Continuum. SERRANO investigates the transparent deployment of applications in a secure and accelerated infrastructure of edge, cloud and HPC resources, based on FPGAs, GPUs, Virtual Platforms and Smart NICs, while facilitating their automated and cognitive orchestration.
Sep 18th-21st we were in Bilbao, Spain for the Open Source Summit Europe 2023! We had the opportunity to talk about open-source, meet friends, and make new ones!
It was a pleasure for us to present our work on bringing unikernels closer to the cloud-native world!
In this session, we went through the options that users have to deploy applications in Cloud & Edge environments. We talked about containers, sandboxed containers, and unikernels, introduced our own container runtime tailored to unikernels, and presented the integration effort we have undertaken to allow unikernels to execute in k8s & Serverless Computing frameworks.
urunc is an open-source, lightweight container runtime that spawns unikernels as generic containers. To facilitate the packaging of unikernels as OCI artifacts, we built bima, a tool that automates the process of injecting unikernel binaries into container image layers and adds metadata that are later used by urunc.
This work is supported by EU H2020 research and innovation programmes, under Grant Agreements 101017168 (SERRANO) and 871900 (5G-COMPLETE).
We are excited to host a Unikraft Hackathon in Athens, GR! It is a great opportunity for students, professionals and systems software enthusiasts to meet, exchange ideas, and code together in this two-day event!
Nubificus LTD, along with the Unikraft community, the High Speed Communication Networks Lab (HSCN) and the Computing Systems Lab (CSLab) of the National Technical University of Athens (ICCS/NTUA) come together to organize the Unikraft Athens Hackathon to be held on Thursday and Friday, March 30-31, 2023.
As part of the Unikraft community, Răzvan Deaconescu and Ștefan Jumărea will be present on-site, with other community members providing support online, on Discord.
At the end of the first day, starting at 16:15, we will host a short session with invited talks:
“The Value of Unikernels in the Emerging Disaggregated HPC and AI Clusters”, Dimitris Syrivelis
“Unikernels for Serverless”, Anastassios Nanos
“Running MPI applications on Toro unikernel”, Matias Vara Larsen
The hackathon will take place as an in-person event at the Multimedia Amphitheater at the Zografou campus of NTUA. The full address is: Multimedia Amphitheater, Central Library Building, Heroon Polytechniou 9, 15780 Zografou, Greece.
Support information and discussions will take place on Discord on the #hack-athens23 channel.
Unikraft is a fast, secure and open-source Unikernel Development Kit, optimizing application execution by tailoring the operating system, libraries and configuration to the particular needs of the application. It vastly reduces virtual machine and container image sizes to a few KBs, provides blazing performance, and drastically cuts down the software stack’s attack surface.
Nubificus LTD proudly presents the latest release of the vAccel framework.
vAccel v0.5.0 is available as a tar bundle for x86_64 and aarch64 architectures, with the essential binaries for users to get started.
Additionally, the individual components are packaged as binary artifacts or deb packages for users to install them directly. For a list of the binary components please visit vAccel’s documentation page. The core vAccel library is open-source, available on github.
vAccel enables workloads to enjoy hardware acceleration while running on environments that do not have direct (physical) access to acceleration devices. With a slim design and precise abstractions, vAccel semantically exposes hardware acceleration features to users with little to no knowledge of software acceleration framework internals.
vAccel integrates with container runtimes such as kata-containers. v0.5.0 brings updated support for kata-containers v3.0, so deploying an application that requires hardware acceleration in a sandboxed container in k8s is now possible without complicated hardware setups!
A subset of vAccel’s API is also integrated with Unikernel frameworks such as Unikraft. See the relevant documentation for more information on how to get started!
Serverless computing workflows are now able to enjoy compute-offload mechanisms to provide AI/ML services as functions, triggered thousands or millions of times by events, on-demand, auto-scaling to multiple physical and virtual nodes, without the need to directly attach a hardware device to the instance. This functionality is enabled through vAccel’s virtualization backends, enabling the execution of hardware-accelerated functions on Virtual Machines. Support for numerous hypervisors is available, including AWS Firecracker, QEMU/KVM, Cloud Hypervisor, etc. See the relevant documentation on how to run an example on a VM.
vAccel v0.5.0 offers enhanced API remoting functionality over generic sockets, supporting AF_VSOCK and AF_INET, enabling local (intra-node) and remote execution over the network. Optimized AF_VSOCK support is also offered using the virtio-vsock backend on QEMU/KVM, AWS Firecracker, Cloud Hypervisor, Dragonball and any other hypervisor that supports virtio-vsock.
This iteration’s update also contains important bug fixes and performance optimizations.
The roadmap for v0.6.0 contains PyTorch support (currently under development).
End-users can get a sneak peek at what vAccel has to offer on the project’s website, on github, or by browsing through the available documentation. To get started, follow the Quickstart guide.
Nubificus LTD has been identified by the European Commission’s Innovation Radar as a high potential innovator for their work on Serverless computing. Specifically, EC’s IR identified the Serverless Framework that Nubificus LTD develops as having a high potential for innovation. The lightweight serverless framework for the Edge is being developed as part of the 5G-COMPLETE Horizon 2020-funded project.
The framework to provide Fast, Secure & Efficient Serverless for the Edge was assessed by the IR (https://www.innoradar.eu) as technology that addresses the needs of existing markets and falls under IR’s exploring category. This category prizes organizations’ initiative to take steps to actively explore value creation opportunities, commercialization and the pursuit of concrete market-oriented ideas that advance technology development processes.
The 5G-COMPLETE project aims to revolutionize the 5G architecture, by efficiently combining compute and storage resource functionality over a unified ultra-high capacity converged digital/analog Fiber-Wireless (FiWi) Radio Access Network (RAN). By employing the recent advances in Ethernet fronthauling introduced by the eCPRI standard as a launching point, 5G-COMPLETE introduces and combines a series of key technologies under a unique architectural proposition. Nubificus’ particular focus is on the rapid and cost-efficient service deployment through lightweight virtualization mechanisms and unikernel technology.
The unique systems software components stemming from the project are leveraged to explore disruptive technologies for Serverless computing and to extract the essential features that allow workloads to be deployed and executed securely, at the Edge, supporting hardware acceleration functionality.
The Innovation Radar is a European Commission initiative that identifies high potential innovations and innovators in EU-funded research and innovation projects. It bases its selection on information and data gathered by independent experts who review research and innovation projects funded by the European Commission.
The goal of the Innovation Radar platform is to show citizens the scientific and technological advances that take place thanks to the Commission’s funding. By providing greater access to such information, the platform hopes to encourage the development of a dynamic ecosystem of incubators, entrepreneurs, funding agencies and investors that can help get EU-funded innovations to the market faster.
Nubificus LTD participates in the ICT-40-2020 SERRANO Project (H2020 GA No 101017168): Transparent Application Deployment in a Secure, Accelerated and Cognitive Cloud Continuum, which kicked off in January 2021 and will last three years. SERRANO consortium consists of 11 partners from industry and academia. SERRANO investigates the transparent deployment of applications in a secure and accelerated infrastructure of edge, cloud and HPC resources, based on FPGAs, GPUs, Virtual Platforms and Smart NICs, while facilitating their automated and cognitive orchestration.
Nubificus LTD will lead the development of lightweight mechanisms to enable workload isolation and trusted execution in multi-tenancy nodes, hardware acceleration abstractions for serverless workloads and the development of resource orchestration and lightweight virtualization mechanisms.
Today, Nubificus LTD introduced vAccel support on AWS Firecracker, opening the door for enabling hardware acceleration for serverless computing.
With a slim design and precise abstractions, vAccel semantically exposes hardware acceleration features to users with little to no knowledge of software acceleration framework internals.
Serverless computing workflows are now able to enjoy compute-offload mechanisms to provide AI/ML services as functions, triggered thousands or millions of times by events, on-demand, auto-scaling to multiple physical and virtual nodes.
The core of vAccel is the runtime system, essentially a library, that translates complicated compute frameworks to meaningful functions that users can directly call. These frameworks, commonly used on hardware accelerators, such as TensorRT, Tensorflow, Jetson-inference, or even lower-level abstractions such as CUDA, OpenCL, OpenACC, are now easily usable by the end-user via vAccel. Moreover, vAccel offers a virtualization backend, facilitating the execution of functions on Virtual Machines. Apart from support for AWS Firecracker, QEMU/KVM support is also available.
End-users can get a sneak peek at what vAccel on AWS Firecracker has to offer on the project’s website, on github, or on-prem, by using the distributed binaries, or just a container image. To get started, follow one of the tutorials currently available at https://blog.cloudkernels.net
At Nubificus, we are exploring systems software optimizations for deploying lightweight applications in the Cloud and at the Edge. Based on existing open-source tools and frameworks we mix and match application dependencies and tailor the Operating Systems layer to match the applications’ requirements. We are a fully distributed company working from the UK & Greece.
For news enquiries please send an email to press@nubificus.com.
Make sure you follow us on Social Media! You can find the relevant links at the bottom of this page!